P-256 support is experimental so require -x to enable it.

Also clean up the externs a little bit by moving experimental and noop
to extern.h.
Reminded by and OK tb@

diff --git a/usr.sbin/rpki-client/cert.c b/usr.sbin/rpki-client/cert.c
index b5fbf3d..c4f347f 100644 (file)
--- a/usr.sbin/rpki-client/cert.c
+++ b/usr.sbin/rpki-client/cert.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: cert.c,v 1.129 2024/03/22 03:38:12 job Exp $ */
+/*     $OpenBSD: cert.c,v 1.130 2024/04/21 19:27:44 claudio Exp $ */
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2021 Job Snijders <job@openbsd.org>
@@ -773,7 +773,7 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
        }
        X509_ALGOR_get0(&cobj, NULL, NULL, palg);
        nid = OBJ_obj2nid(cobj);
-       if (nid == NID_ecdsa_with_SHA256) {
+       if (experimental && nid == NID_ecdsa_with_SHA256) {
                if (verbose)
                        warnx("%s: P-256 support is experimental", fn);
        } else if (nid != NID_sha256WithRSAEncryption) {

diff --git a/usr.sbin/rpki-client/cms.c b/usr.sbin/rpki-client/cms.c
index 40cf8e1..c9d8ae5 100644 (file)
--- a/usr.sbin/rpki-client/cms.c
+++ b/usr.sbin/rpki-client/cms.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: cms.c,v 1.43 2024/04/21 09:03:22 job Exp $ */
+/*     $OpenBSD: cms.c,v 1.44 2024/04/21 19:27:44 claudio Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -257,7 +257,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
        X509_ALGOR_get0(&obj, NULL, NULL, psig);
        nid = OBJ_obj2nid(obj);
        /* RFC7935 last paragraph of section 2 specifies the allowed psig */
-       if (nid == NID_ecdsa_with_SHA256) {
+       if (experimental && nid == NID_ecdsa_with_SHA256) {
                if (verbose)
                        warnx("%s: P-256 support is experimental", fn);
        } else if (nid != NID_rsaEncryption &&

diff --git a/usr.sbin/rpki-client/crl.c b/usr.sbin/rpki-client/crl.c
index c6ad99d..1f65073 100644 (file)
--- a/usr.sbin/rpki-client/crl.c
+++ b/usr.sbin/rpki-client/crl.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: crl.c,v 1.33 2024/04/15 13:57:45 job Exp $ */
+/*     $OpenBSD: crl.c,v 1.34 2024/04/21 19:27:44 claudio Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -63,7 +63,7 @@ crl_parse(const char *fn, const unsigned char *der, size_t len)
        }
        X509_ALGOR_get0(&cobj, NULL, NULL, palg);
        nid = OBJ_obj2nid(cobj);
-       if (nid == NID_ecdsa_with_SHA256) {
+       if (experimental && nid == NID_ecdsa_with_SHA256) {
                if (verbose)
                        warnx("%s: P-256 support is experimental", fn);
        } else if (nid != NID_sha256WithRSAEncryption) {

diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h
index f72b383..9dd6997 100644 (file)
--- a/usr.sbin/rpki-client/extern.h
+++ b/usr.sbin/rpki-client/extern.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: extern.h,v 1.216 2024/04/15 13:57:45 job Exp $ */
+/*     $OpenBSD: extern.h,v 1.217 2024/04/21 19:27:44 claudio Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -645,8 +645,10 @@ struct msgbuf;
 
 /* global variables */
 extern int verbose;
+extern int noop;
 extern int filemode;
 extern int excludeaspa;
+extern int experimental;
 extern const char *tals[];
 extern const char *taldescs[];
 extern unsigned int talrepocnt[];

diff --git a/usr.sbin/rpki-client/filemode.c b/usr.sbin/rpki-client/filemode.c
index cd4baad..5590079 100644 (file)
--- a/usr.sbin/rpki-client/filemode.c
+++ b/usr.sbin/rpki-client/filemode.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: filemode.c,v 1.40 2024/03/22 03:38:12 job Exp $ */
+/*     $OpenBSD: filemode.c,v 1.41 2024/04/21 19:27:44 claudio Exp $ */
 /*
  * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -41,8 +41,6 @@
 #include "extern.h"
 #include "json.h"
 
-extern int              verbose;
-
 static X509_STORE_CTX  *ctx;
 static struct auth_tree         auths = RB_INITIALIZER(&auths);
 static struct crl_tree  crlt = RB_INITIALIZER(&crlt);

diff --git a/usr.sbin/rpki-client/output-json.c b/usr.sbin/rpki-client/output-json.c
index afea19f..bc0695e 100644 (file)
--- a/usr.sbin/rpki-client/output-json.c
+++ b/usr.sbin/rpki-client/output-json.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: output-json.c,v 1.48 2024/04/08 14:02:13 tb Exp $ */
+/*     $OpenBSD: output-json.c,v 1.49 2024/04/21 19:27:44 claudio Exp $ */
 /*
  * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
  *
@@ -23,8 +23,6 @@
 #include "extern.h"
 #include "json.h"
 
-extern int experimental;
-
 static void
 outputheader_json(struct stats *st)
 {

diff --git a/usr.sbin/rpki-client/parser.c b/usr.sbin/rpki-client/parser.c
index d26d9c7..f482d67 100644 (file)
--- a/usr.sbin/rpki-client/parser.c
+++ b/usr.sbin/rpki-client/parser.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: parser.c,v 1.134 2024/04/17 15:03:22 tb Exp $ */
+/*     $OpenBSD: parser.c,v 1.135 2024/04/21 19:27:44 claudio Exp $ */
 /*
  * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -38,10 +38,6 @@
 
 #include "extern.h"
 
-extern int noop;
-extern int experimental;
-extern int verbose;
-
 static X509_STORE_CTX  *ctx;
 static struct auth_tree         auths = RB_INITIALIZER(&auths);
 static struct crl_tree  crlt = RB_INITIALIZER(&crlt);

diff --git a/usr.sbin/rpki-client/repo.c b/usr.sbin/rpki-client/repo.c
index 7290dcf..14ea81d 100644 (file)
--- a/usr.sbin/rpki-client/repo.c
+++ b/usr.sbin/rpki-client/repo.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: repo.c,v 1.56 2024/04/08 14:02:13 tb Exp $ */
+/*     $OpenBSD: repo.c,v 1.57 2024/04/21 19:27:44 claudio Exp $ */
 /*
  * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -38,7 +38,6 @@
 #include "extern.h"
 
 extern struct stats    stats;
-extern int             noop;
 extern int             rrdpon;
 extern int             repo_timeout;
 extern time_t          deadline;